pki

package

v0.1.0 Latest Latest Go to latest Published: Jan 13, 2023 License: Apache-2.0 Imports: 16 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kubernetes-sigs/kwok

Links

Open Source Insights

Documentation ¶

Overview ¶

Package pki is the package that provides functions to generate certificates

Index ¶

Constants
func GeneratePki(dir string) error
func NewCertAndKey(caCert *x509.Certificate, caKey crypto.Signer, config CertConfig) (*x509.Certificate, crypto.Signer, error)
func NewCertificateAuthority(config CertConfig) (*x509.Certificate, crypto.Signer, error)
func NewIntermediateCertificateAuthority(parentCert *x509.Certificate, parentKey crypto.Signer, config CertConfig) (*x509.Certificate, crypto.Signer, error)
func NewSelfSignedCACert(cfg CertConfig, key crypto.Signer) (*x509.Certificate, error)
func NewSignedCert(cfg CertConfig, key crypto.Signer, caCert *x509.Certificate, ...) (*x509.Certificate, error)
type AltNames
type CertConfig

Constants ¶

View Source

const (
	// CertificateBlockType is a possible value for pem.Block.Type.
	CertificateBlockType = "CERTIFICATE"
	// ECPrivateKeyBlockType is a possible value for pem.Block.Type.
	ECPrivateKeyBlockType = "EC PRIVATE KEY"
	// RSAPrivateKeyBlockType is a possible value for pem.Block.Type.
	RSAPrivateKeyBlockType = "RSA PRIVATE KEY"

	CertificateValidity = 100 * 365 * 24 * time.Hour
)

Variables ¶

This section is empty.

Functions ¶

func GeneratePki ¶ added in v0.1.0

func GeneratePki(dir string) error

func NewCertAndKey ¶ added in v0.1.0

func NewCertAndKey(caCert *x509.Certificate, caKey crypto.Signer, config CertConfig) (*x509.Certificate, crypto.Signer, error)

NewCertAndKey creates new certificate and key by passing the certificate authority certificate and key

func NewCertificateAuthority ¶ added in v0.1.0

func NewCertificateAuthority(config CertConfig) (*x509.Certificate, crypto.Signer, error)

NewCertificateAuthority creates new certificate and private key for the certificate authority

func NewIntermediateCertificateAuthority ¶ added in v0.1.0

func NewIntermediateCertificateAuthority(parentCert *x509.Certificate, parentKey crypto.Signer, config CertConfig) (*x509.Certificate, crypto.Signer, error)

NewIntermediateCertificateAuthority creates new certificate and private key for an intermediate certificate authority

func NewSelfSignedCACert ¶ added in v0.1.0

func NewSelfSignedCACert(cfg CertConfig, key crypto.Signer) (*x509.Certificate, error)

NewSelfSignedCACert creates a CA certificate

func NewSignedCert ¶ added in v0.1.0

func NewSignedCert(cfg CertConfig, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, isCA bool) (*x509.Certificate, error)

NewSignedCert creates a signed certificate using the given CA certificate and key

Types ¶

type AltNames ¶ added in v0.1.0

type AltNames struct {
	DNSNames []string
	IPs      []net.IP
}

AltNames contains the domain names and IP addresses that will be added to the API Server's x509 certificate SubAltNames field. The values will be passed directly to the x509.Certificate object.

type CertConfig ¶ added in v0.1.0

type CertConfig struct {
	CommonName         string
	Organization       []string
	AltNames           AltNames
	Usages             []x509.ExtKeyUsage
	PublicKeyAlgorithm x509.PublicKeyAlgorithm
	NotBefore          time.Time
	NotAfter           time.Time
}

CertConfig contains the basic fields required for creating a certificate

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL